Authentication using active directory

  • Question

  • Hello everyone,

    I want to authenticate users in my project using Active Directory. After hours and hours spent surfing the internet, I didn't find anything useful for me.

    If anyone can help me with pieces of code or an example, I'll appreciate it a lot, because I have no idea where I can start from.

    Best regards,


    Tuesday, February 12, 2019 8:10 AM

All replies

  • Perhaps I don't understand what you mean by use AD but if you simply want to use Windows auth (which is what AD is) then you don't need to do anything. Windows apps use it automatically and web apps (which can be posted at just set the authentication to Windows. You don't need to write any code to authenticate the current user.

    To get access to the current Windows user you can use a variety of approaches depending upon your app but WindowsIdentity.GetCurrent works anywhere. In other cases you can use the current thread's principal since it will be set to the user running the app. 

    Michael Taylor

    Tuesday, February 12, 2019 2:44 PM
  • Sorry if my English is bad; however, I need a sort of form in which the user has to insert his username and pass. After the validation of the credentials, the user can navigate only in some sections, such as viewing details of something but not editing (e.g. a sample user), while an admin can do everything. A sort of backend which allows to indicate which domain users can access with specific privileges.

    Firstly, I want to obtain this in a sample console application which displays a message with all the information about the user (in my case I need the groups of the user), for example: "hello mr smith you can: insert, but not delete".

    Tuesday, February 12, 2019 3:07 PM
  • So you are building an app that allows any Windows user to log in as any other Windows user if they know their credentials? That is probably not a good idea but you can do it in .NET using the DirectoryServices namespace. Refer to PrincipalContext.ValidateCredentials to validate credentials against AD.

    For permissions you have to implement this yourself. Most people create app roles based upon AD groups and then get the group memberships once authenticated. This can be stored in the config, pulled from a DB, etc. You can look into using Client Application Services for this if you're interested.

    To get this all to work you really need to validate the user's credentials and then set the thread's user context to the validated user otherwise it'll continue to use the user who started the app.

    Michael Taylor

    Tuesday, February 12, 2019 3:39 PM
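
The steps described in the last reply (validate the credentials, read the AD group memberships, map them to app permissions, set the thread's principal), as an added console example that is not code from the thread. The domain name `corp.example.com`, the groups `App-Admins` and `App-Users`, and the permission names are assumptions for illustration.

```csharp
// Added example (not from the thread). Reference System.DirectoryServices.AccountManagement.
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Principal;
using System.Text;
using System.Threading;
static class Program
{
    const string Domain = "corp.example.com";   // placeholder domain name
    // Hypothetical AD group -> permissions map; groups not listed here grant nothing.
    static readonly Dictionary<string, string[]> GroupPermissions =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "App-Admins", new[] { "view", "insert", "edit", "delete" } },
            { "App-Users",  new[] { "view", "insert" } },
        };
    static string ReadPassword()   // read the password without echoing it
    {
        var sb = new StringBuilder();
        for (var k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
            if (k.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else sb.Append(k.KeyChar);
        Console.WriteLine();
        return sb.ToString();
    }
    static void Main()
    {
        Console.Write("User name: "); string userName = Console.ReadLine();
        Console.Write("Password: "); string password = ReadPassword();
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        {
            // Explicit Negotiate with signing and sealing: the password is not sent in a simple bind.
            var opts = ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;
            if (!ctx.ValidateCredentials(userName, password, opts)) { Console.WriteLine("Sign-in failed."); return; }
            using (var user = UserPrincipal.FindByIdentity(ctx, userName))
            {
                if (user == null) { Console.WriteLine("Sign-in failed."); return; }
                string[] perms = user.GetAuthorizationGroups()   // includes nested security groups
                    .Where(g => g.SamAccountName != null && GroupPermissions.ContainsKey(g.SamAccountName))
                    .SelectMany(g => GroupPermissions[g.SamAccountName]).Distinct().ToArray();
                // From here on, role checks see the validated user, not the user who started the app.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user.SamAccountName, "AD"), perms);
                Console.WriteLine($"Hello {user.DisplayName ?? user.SamAccountName}, you can: {string.Join(", ", perms)}; delete allowed: {Thread.CurrentPrincipal.IsInRole("delete")}");
            }
        }
    }
}
```

The failure message is the same for an unknown user and a wrong password, and the password is never written to the console or a log.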